Vinicius Moreira Mello wrote:
>
> Jose Varghese wrote:
> >
> > Keeping it simple: Physical segregation and only Internet access

>
> Sorry, but I don't agree. If you deploy and maintain the network you'll
> be liable for any legal action against you in case of misuse.


Perhaps so, but irrelevant, in my view, because I feel responsibility
trumps legal liability. IOW: Even were there no legal liability, it
would be the height of irresponsibility to create an uncontrolled,
un-monitored WiFi hot spot with unfettered access to the 'net.

> Making
> reality simpler is not the same as creating simple solutions.


s/is not/is not necessarily/

>
> I would consider studying solutions #2 or #3 from John Adams's message.
> There are some guides/howtos out there that show how to configure such
> scenarios.


The problem with those solutions is that not all clients will be
supported by the newer WiFi protocols. Most 802.11b drivers don't
support WAP, much-less 802.1x, for example. And even if they do
support them, older implementations may need to be patched to get
bug-fixes. Are *you*, the local network admin., going to take
responsibility for patching a guest's PC? Then there'll be the
administrative overhead in granting the guest access: Both server-side
and client-side. For every visitor--coming and going. Are you, the
local network admin., going to take responsibility for making
configuration changes to a visitor's PC?

Don't get me wrong: I agree that an open mode WLAN is a Very Bad Idea.
But I don't see how John Adams' suggestions are practical, either.

Am I missing something?

Jim
--
Note: My mail server employs *very* aggressive anti-spam
filtering. If you reply to this email and your email is
rejected, please accept my apologies and let me know via my
web form at .
_______________________________________________
firewall-wizards mailing list
firewall-wizards@honor.icsalabs.com
http://honor.icsalabs.com/mailman/li...rewall-wizards